<?php
	
	//开启session
	session_start();

	//接收前端AJAX的传值
	$uname = $username = $_POST['uname'];

	$pwd = $_POST['pwd'];

	//安检+规范检查
	
	//处理
	$username = substr(sha1($username),3,25);
	$pwd = substr(sha1($pwd),5,25);


	//连接数据库
	include '../include/common.php';

	//查询语句
	$query = "SELECT id FROM admin WHERE username='".$username."' AND pwd='".$pwd."'";

	//执行语句
	$result = mysqli_query($conn,$query);

	//获取数据
	$res = mysqli_fetch_array($result);

	$id = $res['id'];

	//判断
	if (!$id){
		echo 'fail';
	} else {
		echo 'ok';
		//创建session
		$_SESSION['username'] = $uname;
	}
?>